Ensuring That SuperEval Is Secure and Safe
February 8th, 2017
Internet security remains an important topic in our daily lives. Due to the sensitive nature of a superintendent’s evaluation, it is imperative that our online platform, SuperEval, adheres to the highest levels of security so that the data is kept safe and secure. This article, written with the assistance of Robert Daunce, Chief Information Officer at PLS 3rd Learning, provides more technical detail on the measures our team has employed to keep this information from being compromised.
The data for SuperEval is stored in our hosting environment at Amazon on our production servers. The servers are under the full control of SuperEval and are isolated from Amazon’s other customer equipment. The SuperEval user passwords are encrypted and all communication between systems is fully secure and internal to our hosting environment. These systems are inaccessible to other Amazon customers. The data collected is also stored in backup locations within Amazon on disk snapshots and database backup files. These files are stored securely in the standard persistent storage services hosted by Amazon. These services may include Amazon EC2, Amazon S3, Amazon Glacier, and Amazon RDS. The security of these servers and access to the data stored in each of these services are protected by Amazon’s IAM identity service, and the data is accessible only to those full-time staff members within our organization who are explicitly granted access.
Public access to the website is only available via HTTPS through the web server’s public-facing website. All communication between the public-facing web server and the end user’s web browser is encrypted. Firewall rules are maintained to only allow traffic to specific servers, and the only rules that allow public access are the ones created to allow HTTP/HTTPS access to the website. No other infrastructure is accessible to either public internet users or other internal Amazon customers.
Anonymous usage data is sent to the Google Analytics service for aggregate usage reporting. No evaluation data or other sensitive data is sent to the Google Analytics service. Data collected by Google Analytics includes which pages were viewed, how long users were on the site, browser/platform details, and other general information about users. This data is used to inform our internal development, operations, marketing, and support staff of usage trends. It may also be used to forecast expected future usage to ensure our hosting infrastructure is sufficient for that usage. This data is only available to internal development, operations, marketing, and support staff, and it is only available in aggregate form. None of this data contains any evaluation data, and it cannot be used to identify specific SuperEval users.
As previously mentioned, access to the data stored in the hosting environment is limited to a few selected internal staff members who are required to have access to the data in the performance of their job duties. Our lead developer and application architect, who in a previous position held top secret security clearance while working with the federal government, along with our network engineer, have access for technical operations purposes only. Application users with “sysadmin access” have expanded access to data through the website for helpdesk and support purposes. In all cases, data is only accessed through the hosting environment or through the application in the course of hosting, maintaining, and supporting the SuperEval website.
By leveraging best practices in security, the SuperEval team keeps the superintendent evaluation data safe, secure and uncompromised. If you have any questions about the security of the SuperEval evaluation platform, please click here to contact us.